TOTAL
Since dec 2006
1'942'871 Visitors
4'218'042 Pages

Nov 2010 Stats
82'909 Visitors
146'476 Pages
196 countries
Full statistics



Help us translate
our tutorials!

JOIN the
OpenManiak Team.
OM TEAM
Director:
Blaise Carrera
Tutorials creation:
Blaise Carrera
Translaters:
Giovanni Fredducci
Angel Chraniotis
Moham. H. Karvan
Alexandro Silva
Blaise Carrera
Andrei Chertolyas
Sergiy Uvarov
Nickola Kolev
Łukasz Nowatkowski
Ivo Raisr
Catalin Bivolaru
Bogdan A. Costea
Kirill Simonov
Oliver Mucafir
JaeYoung Jeon
Seungyoon Lee
Jie Yu & Si Cheng
Tao Wei
YukiAlex
Fumihito Yoshida
Muhammad Takdir
Çağdaş Tülek
Auditors
Leslie Luthi
Joe Anderson
Jennifer Ockwell
Nigel Titley
Alison Rees
Webmaster:
Blaise Carrera
CDP - The Easy Tutorial

Networking CDP
Last Change : Dec 07 2010 french flagenglish flag



⚠️⚠️⚠️
Please check our website about
attractions in Western Switzerland !! (Please use english translation).

⚠️⚠️⚠️
Merci de consulter notre site sur les
activités à faire en Suisse romande !!


The CDP protocol:

The Cisco Discovery Protocol (CDP) is a proprietary layer 2 network protocol developed by Cisco Systems.
It runs on Cisco and some HP equipment devices.

It is useful for two reasons:

-

-
 
Getting information about the directly connected CDP devices such as the operating system version and IP address.
Checking that the OSI layer 2 connectivity is okay in case of IP (OSI layer 3) connectivity problems
The CDP announcements are sent to the multicast destination address 01-00-0c-cc-cc-cc.



CDP on Linux:

Linux does not natively support the CDP protocol, so we have to use a tool called "cdp-tools" to activate it.

Enabling CDP on Linux systems can be interesting on routers like Quagga and Vyatta in a Cisco environment.

Download CDP-tools in the /root directory.
If you want to download "cdp-tools" directly from the Linux CLI, proceed as follows:

#wget http://gpl.internetconnection.net/files/cdp-tools.tar.gz
Extract "cdp-tools":

#tar -xvf cdp-tools.tar
This will create the "cdp-tools" directory.

Download and install the "build-essential" meta-package containing the tools to compile programs.

#apt-get install build-essential
Download and install libnet0-dev:
Libnet0 is a generic networking API that provides access to several protocols.

#apt-get install libnet0-dev
The libpcap library (in our example libpcap0.8-dev) is installed at the same time.

Compile "cdp-tools":

#make
cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-listen.o cdp-listen.c
cc cdp-listen.o /usr/lib/libpcap.so -o cdp-listen
cc -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c -o cdp-send.o cdp-send.c
cdp-send.c:70: warning: 'packed’ attribute ignored for field of type ‘unsigned char[6]'
cdp-send.c:71: warning: 'packed' attribute ignored for field of type 'unsigned char[6]'
cdp-send.c:74: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:75: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:77: warning: 'packed' attribute ignored for field of type 'u_int8_t'
cdp-send.c:78: warning: 'packed' attribute ignored for field of type 'u_int8_t[3]'
cc cdp-send.o /usr/lib/libnet.so -o cdp-send


If everything goes as planned, you should have two new files called "cdp-send" and "cdp-listen" which are used to respectively send or receive traffic.



                       1. cdp-send            2. cdp-listen



1. cdp-send

Launch cd-send

cdp-send is used to send CDP traffic to directly connected devices.

Let's launch cdp-send with the minimal setting:

Syntax: cdp-send [options] interfaces... &

/root/cdp-tools/cdp-send eth0
"eth0" is the interface through which we are sending CDP traffic.
"/root/cdp-tools/cdp-send eth1 eth2" would send CDP traffic trough the eth1 and eth2 interfaces.

Check how a directly connected Cisco device sees our Linux machine:

Cisco_device>show cdp neighbours
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
           
Device ID Local Intrfce Holdtme
Capability
Platform Port ID
ubuntu Fas 1/0/5 176
H
i686 eth0
The Linux system is seen as a layer 3 host "H", on interface "eth0", with a hostname "ubuntu" and a platform "i386".

Cisco_device>show cdp neighbours details
Device ID: ubuntu
Entry address(es):
    IP address: 10.1.1.1
Platform: i686, Capabilities: Host
Interface: FastEthernet1/0/5, Port ID (outgoing port): eth0
Holdtime : 120 sec

Version :
Linux 2.6.22-10-generic

advertisement version: 2
Management address(es):
Configure "cdp-tools" to start automatically on startup:

#crontab -u root -e
@reboot /root/cdp-send eth0

Top of the page




cd-send advanced settings:

To see the advanced settings:

#/root/cdp-send
Usage: cdp-send [options] interfaces... &
  -a addr use specified address instead of that on interface
  -c caps enable capabilities (try -c list)
  -d enable debugging output
  -D dom specify VTP management domain (octal escapes ok)
  -L vlan specify native VLAN (vlanid)
  -V vlan specify voice VLAN (voiceid)
  -m mach specify machine/platform to advertise (e.g. "i686")
  -n name specify a hostname
  -p name override port name (default: interface)
  -P duplex specify port duplex (full/half)
  -o enable oneshot mode
  -s vers specify software/version to advertise (e.g. "Linux 2.6.22-10-generic")
  -S subnet specify ip prefix/subnet (need for routers, etc)
  -t secs set wait-time (default: 60 seconds)
Let's see an example, where our test ubuntu machine pretends to be a Cisco device.

#/root/cdp-send eth0 -n "7206 Core" -m 7206VXR -p "Fas 0/0" -P half -c l3r -s 7206VXR -a 10.1.1.1 -V 123 -s "Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill"
Check how the directly connected Cisco device sees our Linux machine:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
           
Device ID Local Intrfce Holdtme
Capability
Platform Port ID
7206 Core Fas 1/0/5 176
R
7206VXR Fas 0/0
The Linux system is seen as a layer 3 router "R", on interface "Fas 0/0", with a hostname "7206 Core" and a platform "7206VXR".

Cisco_device>show cdp neighbours details
Device ID: 7206 Core
Entry address(es):
    IP address: 10.1.1.1
Platform: 7206VXR, Capabilities: Router
Interface: FastEthernet1/0/5, Port ID (outgoing port): Fas 0/0
Holdtime : 164 sec

Version :
Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill

advertisement version: 2
Management address(es):

Top of the page



cd-send packet analysis:

The debugging (-d) option shows the CDP Ethernet frame.

#/root/cdp-send eth0 -d -n "7206 Core" -m 7206VXR -p "Fas 0/0" -P half -c l3r -s 7206VXR -a 10.1.1.1 -V 123 -s "Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill"
Sent over: eth0, total length: 306  
0000 01 00 0c cc cc cc 00 1c 23 11 22 33 01 24 aa aa ........#....$..
0001 03 00 00 0c 20 00 02 b4 d4 3d 00 01 00 0d 37 32 .... ....=....72
0002 30 36 20 43 6f 72 65 00 02 00 11 00 00 00 01 01 06 Core.........
0003 01 cc 00 04 0a 01 01 01 00 03 00 0b 46 61 73 20 ............Fas
0004 30 2f 30 00 04 00 08 00 00 00 01 00 05 00 d7 43 0/0............C
0005 69 73 63 6f 20 49 6e 74 65 72 6e 65 74 77 6f 72 isco Internetwor
0006 6b 20 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 k Operating Syst
0007 65 6d 20 53 6f 66 74 77 61 72 65 20 53 20 28 74 em Software S (t
0008 6d 29 20 37 32 30 30 20 53 6f 66 74 77 61 72 65 m) 7200 Software
0009 20 28 43 37 32 30 30 2d 49 4b 39 53 2d 4d 29 2c (C7200-IK9S-M),
000a 20 56 65 72 73 69 6f 6e 20 31 32 2e 32 28 32 33 Version 12.2(23
000b 61 29 2c 20 52 45 4c 45 41 53 45 20 53 4f 46 54 a), RELEASE SOFT
000c 57 41 52 45 20 28 66 63 32 29 20 43 6f 70 79 72 WARE (fc2) Copyr
000d 69 67 68 74 20 28 63 29 20 31 39 38 36 2d 32 30 ight (c) 1986-20
000e 30 34 20 62 79 20 63 69 73 63 6f 20 53 79 73 74 04 by cisco Syst
000f 65 6d 73 2c 20 49 6e 63 2e 20 43 6f 6d 70 69 6c ems, Inc. Compil
0010 65 64 20 54 75 65 20 33 30 2d 4d 61 72 2d 30 34 ed Tue 30-Mar-04
0011 20 31 32 3a 32 36 20 62 79 20 6b 65 6c 6c 6d 69 12:26 by kellmi
0012 6c 6c 00 06 00 0b 37 32 30 36 56 58 52 00 0b 00 ll....7206VXR...
0013 05 00 ...
The same Ethernet frame analyzed with tshark, the CLI Wireshark version.

Frame 4 (306 bytes on wire, 306 bytes captured)
  Arrival Time: Nov 11, 2007 14:37:11.128038000
  [Time delta from previous captured frame: 0.614262000 seconds]
  [Time delta from previous displayed frame: 0.614262000 seconds]
  [Time since reference or first frame: 1194615431.128038000 seconds]
  Frame Number: 4
  Frame Length: 306 bytes
  Capture Length: 306 bytes
  [Frame is marked: False]
  [Protocols in frame: eth:llc:cdp:data]
IEEE 802.3 Ethernet
  Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Address: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  Source: Dell_11:22:33 (00:1c:23:11:22:33)
    Address: Dell_11:22:33 (00:1c:23:11:22:33)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  Length: 292
Logical-Link Control
  DSAP: SNAP (0xaa)
  IG Bit: Individual
  SSAP: SNAP (0xaa)
  CR Bit: Command
  Control field: U, func=UI (0x03)
    000. 00.. = Command: Unnumbered Information (0x00)
    .... ..11 = Frame type: Unnumbered frame (0x03)
  Organization Code: Cisco (0x00000c)
  PID: CDP (0x2000)
Cisco Discovery Protocol
  Version: 2
  TTL: 180 seconds
  Checksum: 0xd43d [correct]
    [Good: True]
    [Bad : False]
  Device ID: 7206 Core
    Type: Device ID (0x0001)
    Length: 13
    Device ID: 7206 Core
  Addresses
    Type: Addresses (0x0002)
    Length: 17
    Number of addresses: 1
    IP address: 10.1.1.1
      Protocol type: NLPID
      Protocol length: 1
      Protocol: IP
      Address length: 4
      IP address: 10.1.1.1
  Port ID: Fas 0/0
    Type: Port ID (0x0003)
    Length: 11
    Sent through Interface: Fas 0/0
  Capabilities
    Type: Capabilities (0x0004)
    Length: 8
    Capabilities: 0x00000001
      .... .... .... .... .... .... .... ...1 = Is a Router
      .... .... .... .... .... .... .... ..0. = Not a Transparent Bridge
      .... .... .... .... .... .... .... .0.. = Not a Source Route Bridge
      .... .... .... .... .... .... .... 0... = Not a Switch
      .... .... .... .... .... .... ...0 .... = Not a Host
      .... .... .... .... .... .... ..0. .... = Not IGMP capable
      .... .... .... .... .... .... .0.. .... = Not a Repeater
  Software Version
    Type: Software version (0x0005)
    Length: 215
    Software Version: Cisco Internetwork Operating System Software S (tm) 7200 Software (C7200-IK9S-M), Version 12.2(23a), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Tue 30-Mar-04 12:26 by kellmill
  Platform: 7206VXR
    Type: Platform (0x0006)
    Length: 11
    Platform: 7206VXR
  Duplex: Half
    Type: Duplex (0x000b)
    Length: 5
    Duplex: Half



The example above, where a device pretends to be another by sending false CDP information, could be used by dishonest people.
Furthermore, if a hacker copies your usual network device banner, you could think the Linux system is one of your Cisco devices and try to log into this device with your credentials which would be captured by the hacker.

Top of the page



2. cdp-listen

cdp-listen is used to receive CDP packets.
Let's see how our test Linux sees the Cisco device directly connected to its eth0 interface.

#/root/cdp-listen eth0
# Interface: eth0
# Hostname: Cisco-hall4.openmaniak.com
# Address: 10.117.1.234
#  
# TimeToLive: 180
# Capabilities: L3R(router) L2SW(switch) IGRP
#  
# Networks:  
Configure "cdp-tools" to start automatically at startup:

#crontab -u root -e
@reboot /root/cdp-listen eth0

Top of the page